

Azure IP address


Have you ever wondered what this IP address is?  Well, it is a virtual public IP address that is used to facilitate a communication channel to internal platform resources for the bring-your-own IP Virtual Network scenario.  Because the Azure platform allows customers to define any private or customer address space, this resource must be a unique public IP address.  It cannot be a private IP address, as the address cannot be a duplicate of address space the customer defines.  This virtual public IP address facilitates the following things:

  • Enables the VM Agent to communicate with the platform to signal it is in a “Ready” state
  • Enables communication with the DNS virtual server to provide filtered name resolution to customers that do not define custom DNS servers.  This filtering ensures that customers can only resolve the hostnames of their deployment.
  • Enables monitoring probes from the load balancer to determine health state for VMs in a load balanced set
  • Enables PaaS role Guest Agent heartbeat messages

The virtual public IP address is used in all regions and will not change.  Therefore, it is recommended that this IP be allowed in any local firewall policies; not doing so will result in unexpected behavior in a variety of scenarios.  It should not be considered a security risk, as only the internal Azure platform can source a message from that address.

Additionally, traffic from the virtual public IP address that is communicating with the endpoint configured for a load balanced set monitor probe should not be considered attack traffic.  In a non-virtual network scenario, the monitor probe is sourced from a private IP.
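One way to check a Linux VM's local firewall against the recommendation above, as an added example that is not part of the original post: it evaluates the filter INPUT chain of an `iptables-save` dump and reports which probe ports would not be accepted from the platform address. The address is a documentation-range placeholder, the ruleset and ports are constructed, and the evaluator covers only simple match options, returning `UNKNOWN` rather than guessing at anything else.

```python
import ipaddress
import shlex

# Placeholder from the TEST-NET-3 documentation range (assumption); replace
# it with the virtual public IP address this post is about.
PLATFORM_VIP = "203.0.113.16"

# Constructed iptables-save sample, not taken from a real host.
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 10.0.0.0/8 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -s 203.0.113.0/24 -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""
KNOWN = {"-i", "-m", "--ctstate", "-s", "-p", "--dport", "-j"}

def input_verdict(rules_text, src, proto, dport):
    """First-match verdict of the filter INPUT chain for a new inbound packet."""
    src, table, policy = ipaddress.ip_address(src), None, "ACCEPT"
    for line in rules_text.splitlines():
        if line.startswith("*"):
            table = line[1:].strip()
        elif table == "filter" and line.startswith(":INPUT "):
            policy = line.split()[1]
        if table != "filter" or not line.startswith("-A INPUT "):
            continue
        tok = shlex.split(line)[2:]
        opts = dict(zip(tok[0::2], tok[1::2]))
        if "!" in tok or len(tok) % 2 or set(opts) - KNOWN:
            return "UNKNOWN"  # negation or unsupported match: do not guess
        lo, _, hi = opts.get("--dport", str(dport)).partition(":")
        if (opts.get("-i") == "lo"  # packet is assumed to arrive off-loopback
                or "NEW" not in opts.get("--ctstate", "NEW").split(",")
                or src not in ipaddress.ip_network(opts.get("-s", "0.0.0.0/0"), strict=False)
                or opts.get("-p", proto) != proto
                or not int(lo) <= dport <= int(hi or lo)):
            continue  # rule does not match this packet
        target = opts.get("-j", "LOG")
        if target in ("ACCEPT", "DROP", "REJECT"):
            return target
        if target != "LOG":
            return "UNKNOWN"  # jump to a user chain: not followed here
    return policy

def blocked_probes(rules_text, vip, probes):
    """Return (proto, port, verdict) for each probe not accepted from vip."""
    results = [(p, port, input_verdict(rules_text, vip, p, port)) for p, port in probes]
    return [r for r in results if r[2] != "ACCEPT"]
```

Running `blocked_probes(SAMPLE_RULES, PLATFORM_VIP, [("tcp", 80), ("tcp", 8080)])` on the sample flags only port 8080, which falls through to the chain's DROP policy.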


Source: David Goddard
